Interview with Jaime Andrés Restrepo: The challenges of cybersecurity

The main objective of cybersecurity is to protect any electronic system that is connected to the network, whether mobile phones, computers, etc. According to ISACA (Information Systems Audit and Control Association), "Cybersecurity is the Protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by the information systems that are interconnected."

On the program Coffee Law, produced and hosted by Rodolfo Guerrero (GR), we interviewed the CEO of DragonJAR, Jaime Andrés Restrepo (JAR), who talks to us about cybersecurity.

Who is Jaime Andrés Restrepo?

JAR: I am a Systems and Telecommunications Engineer from the University of Manizales in Colombia. I have been working on computer security issues for many years. Most people know me for having founded a Spanish-speaking computer security community that turns 18 this year online, and I am therefore always passionate about learning new things, mainly about computer security, which is the subject that most attracts my attention.

What is DragonJAR and where does it come from?

JAR: Well, DragonJAR started as a personal page when I was 15 and in school. A teacher encouraged me to upload a portal that I had made for an internal school competition, and there I published what I was learning. I was passionate about the subject of computer security, people liked it, and they began to participate actively in the project.

DragonJAR comes from my nick, which is Dragon, and my initials, JAR, for Jaime Andrés Restrepo. The name was already given and it was already a whole community, and since 2001 we have been online providing information about computer security in Spanish.

What is cybersecurity and how can it be applied?

JAR: For me, cybersecurity is a very large branch of everything that has to do with computer science, although there is also the issue of information security, independent of data recovery, it would also apply. For me, security is basically the art that ensures the information issues of an organization or a person. Apart from that it is a lifestyle, it is the way in which our digital assets can be secured.

RG: Professor Jaime, sometimes citizens believe that cybersecurity is a matter for companies and governments; however, we note that this is not the case, since we can all be victims of a crime through an attack on our social media accounts, and so on.

In that sense, does cybersecurity apply to everyone?

JAR: The truth is that, today, it is very difficult to draw a line that differentiates real life from our digital life; they are very close. Well, a few years ago the line dividing the two worlds was more marked, but today that line is very thin. Right now we do not differentiate what is digital and what is real because the two worlds are inseparably linked.

Day to day we use information systems to communicate with our loved ones, to communicate with anyone. Our whole life is on the network, and it is very difficult to separate those two worlds. That is why it is important to put security into this digital world, because if we don't do it, we are endangering our personality.

You commented, Rodolfo, that this was important for people who use information systems, but I think not even them, because in the end, even if you do not use them, your data is in some information system. The database of all Ecuadorian citizens has been leaked recently, and surely many of them have never touched a computer in their life or do not have a phone, but their private information is public, and it is not known with what intentions a person will use it to harm you.

GR: On the other hand, Professor, in 2015 the topic of the Single Monitoring and Analysis Program (PUMA) was being analyzed, where there was talk of government espionage.

In that sense, what is your opinion on the issue of espionage?

JAR: Yes, that happens in all governments, to a greater or lesser extent or in a more public or less public way. It is a program that we say is necessary because criminals are also migrating to the digital world, so if law enforcement is not on par with criminals it will be very difficult to fight against them.

The problem that most citizens see is that abuse of that power or knowledge of government axes is used for purposes other than fighting crime.

What you mentioned about government espionage or, suddenly if I am not very at par with your political ideals, that you start me to pursue political persecution, because what we are all afraid of when talking about those government espionage programs, all countries they have it, it is a very efficient way to fight crime, and if used well, we should not be afraid.

What was the problem with PUMA?

JAR: The main problem is that a lot of power was put in a single entity, so a court order was not required to be able to perform the eavesdropping or perform the interventions, and that is where it can be given to use it for bad purposes. Finally, although many people opposed, the program was carried out, and it is working, and thanks to that program many advances have been made against crime.

What measures are appropriate to avoid being victims of a cyberattack?

JAR: Definitely, as citizens we can ensure the protection of our information and our digital assets.

One of the measures is the classic password or the access standard, and that is one of the key points that we must keep in mind to be more secure. Most devices and social networks have the double authentication factor function; that is, even if someone has my password, unless they enter a numerical code or an external validation apart from my password, they cannot access my social network, my device or any element of my digital life.

If you activate that, the problems related to improper access to your accounts will be greatly reduced.

Another point is the use of secure accounts, and when I refer to this, it means that they are easy to remember, and difficult to guess, it is the simplest way I have found to explain to people how a password should go.

Example of the above: If you like a song, you know the chorus by heart, you could use that as a password, add a number and a special character at the end, and make a long password. Difficult to guess for a machine or for a person, and very easy to remember for you because it is your favorite song.

What should a government do to avoid being a victim of cyberattack?

JAR: For me the most important thing is human capital, even if you have to make investment in software and in hardware, if you have a good human capital, at the moment of the doors of selling the institution, your organization or your government as such, it will be all much simpler.

And that is where many governments fail: they are dedicated to buying devices or software for defense or attack, but they do not make the slightest investment in the human capital that they have to perform those tasks. Then they become monkeys that type, and not thinking people who are prepared for any eventuality.

What are the challenges in cybersecurity?

JAR: The main problem is the lack of awareness, when there is safety awareness, a product does not go into production, does not air without having passed the minimum safety tests, and that happened in almost all environments.

There are countries that are a little more advanced in the subject. For example, we are fortunate to audit companies in the United States or that have direct relations with companies in that country, and there it is very common that, in order to be a provider of an organization, you have to deliver the latest security tests you did on your organization, and you have to deliver what your security policies are. That is, if I am secure, I can only relate to companies that are secure, and they have that very internalized in those countries, where they have already been through many incidents. That makes them more mature on the issue of security, and so they start to protect each other.

Because buying from suppliers that have security tests performed, what we will see is that all suppliers start testing, because if not, they cannot negotiate, and that way the market becomes a little safer. It is one of the things we have noticed when doing such audits to large corporations.

Rodolfo Guerrero
Rodolfo Guerrero Martínez is a lawyer for the Benemérita Universidad de Guadalajara and is CEO of Coffee Law. He is producer and host of Legal Perspectives on Radio CUCEI at the University of Guadalajara. He is a founding Partner of the Mexican Academy of Law "Juan Velásquez" A.C. He has been a lecturer at the International Congress, talks and conferences on issues of computer law, human rights and immigration law.

